@mcspring
Created October 23, 2018 10:02
concourse.ci on kubernetes via minikube

This is a work in progress that gets you to a running state (meaning you can bring the UI up in a browser and log in). It is not, however, fully tested.

To generate your keys, see https://concourse.ci/docker-repository.html and https://concourse.ci/binaries.html for notes on getting started.

Also see https://github.com/kubernetes/minikube/releases/tag/v0.12.1 for notes regarding minikube.

In this example, minikube v0.12.1 was run on OSX Sierra with the xhyve hypervisor.

The minikube cluster was created with `minikube start --vm-driver=xhyve`.

Create the specs in k8s in this order:

  1. concourse-ns.yml
  2. concourse-db-deployment.yml
  3. concourse-db-svc.yml
  4. concourse-web-secrets.yml
  5. concourse-web-deployment.yml
  6. concourse-web-svc.yml
  7. concourse-worker-secrets.yml
  8. concourse-worker-deployment.yml
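
```yaml
# concourse-db-deployment.yml
# extensions/v1beta1 matches the Kubernetes shipped with minikube v0.12.1;
# on Kubernetes 1.16+ Deployments are apps/v1 and require spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: concourse-db
  namespace: concourse
  labels:
    service: concourse-db
  generation: 1
spec:
  strategy:
    type: RollingUpdate
  replicas: 1
  template:
    metadata:
      labels:
        service: concourse-db
    spec:
      containers:
      - env:
        - name: PGDATA
          value: /database
        - name: POSTGRES_DB
          value: concourse
        - name: POSTGRES_PASSWORD
          # Placeholder: change it here and in CONCOURSE_POSTGRES_DATA_SOURCE.
          value: changeme
        - name: POSTGRES_USER
          value: concourse
        image: postgres:9.5
        name: concourse-db
      restartPolicy: Always
```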
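
```yaml
# concourse-db-svc.yml
apiVersion: v1
kind: Service
metadata:
  name: concourse-db
  namespace: concourse
spec:
  ports:
  - name: postgres-db
    protocol: "TCP"
    port: 5432
    targetPort: 5432
  selector:
    service: concourse-db
  # NodePort also publishes Postgres on every node's IP; concourse-web only
  # uses the in-cluster DNS name, for which ClusterIP would be enough.
  type: NodePort
```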

```yaml
# concourse-ns.yml
---
apiVersion: v1
kind: Namespace
metadata:
  name: concourse
```

```yaml
# concourse-web-deployment.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: concourse-web
  namespace: concourse
  labels:
    service: concourse-web
  generation: 1
spec:
  strategy:
    type: RollingUpdate
  replicas: 1
  template:
    metadata:
      labels:
        service: concourse-web
    spec:
      containers:
      - name: concourse-web
        command:
        - concourse
        - web
        env:
        - name: CONCOURSE_BASIC_AUTH_USERNAME
          value: concourse
        - name: CONCOURSE_BASIC_AUTH_PASSWORD
          # Placeholder UI password: change before exposing port 30080.
          value: changeme
        - name: CONCOURSE_EXTERNAL_URL
          value: "http://concourse-web.concourse.svc.cluster.local:8080"
        - name: CONCOURSE_POSTGRES_DATA_SOURCE
          # Embeds the DB password; sslmode=disable means unencrypted DB traffic.
          value: postgres://concourse:changeme@concourse-db.concourse.svc.cluster.local:5432/concourse?sslmode=disable
        image: concourse/concourse
        ports:
        - containerPort: 8080
          name: http
        - containerPort: 2222
          name: tsa
        volumeMounts:
        - name: concourse-keys
          mountPath: /concourse-keys
          readOnly: true
      restartPolicy: Always
      volumes:
      - name: concourse-keys
        secret:
          secretName: concourse-web-secrets
          defaultMode: 0400
```

```yaml
# concourse-web-secrets.yml
---
apiVersion: v1
kind: Secret
metadata:
  name: concourse-web-secrets
  namespace: concourse
type: Opaque
data:
  authorized_worker_keys: <insert_your_base64_encoded_key_here>
  session_signing_key: <insert_your_base64_encoded_key_here>
  session_signing_key.pub: <insert_your_base64_encoded_pub_key_here>
  tsa_host_key: <insert_your_base64_key_here>
  tsa_host_key.pub: <insert_your_base64_encoded_pub_key_here>
```

```yaml
# concourse-web-svc.yml
apiVersion: v1
kind: Service
metadata:
  name: concourse-web
  namespace: concourse
spec:
  ports:
  - name: "concourse-web"
    protocol: "TCP"
    port: 8080
    targetPort: 8080
    nodePort: 30080
  - name: "concourse-tsa"
    protocol: "TCP"
    port: 2222
    targetPort: 2222
  selector:
    service: concourse-web
  type: NodePort
```

```yaml
# concourse-worker-deployment.yml
apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    service: concourse-worker
  name: concourse-worker
  namespace: concourse
spec:
  replicas: 1
  selector:
    service: concourse-worker
  template:
    metadata:
      labels:
        service: concourse-worker
    spec:
      containers:
      - command:
        - concourse
        - worker
        env:
        - name: CONCOURSE_TSA_HOST
          value: concourse-web.concourse.svc.cluster.local
        image: concourse/concourse
        name: concourse-worker
        volumeMounts:
        - name: concourse-keys
          mountPath: /concourse-keys
          readOnly: true
        securityContext:
          # A privileged container has near-root access to the node it runs on.
          privileged: true
      restartPolicy: Always
      volumes:
      - name: concourse-keys
        secret:
          secretName: concourse-worker-secrets
          defaultMode: 0400
```

```yaml
# concourse-worker-secrets.yml
---
apiVersion: v1
kind: Secret
metadata:
  name: concourse-worker-secrets
  namespace: concourse
type: Opaque
data:
  tsa_host_key.pub: <insert_your_base64_encoded_pub_key_here>
  worker_key: <insert_your_base64_encoded_key_here>
  worker_key.pub: <insert_your_base64_encoded_pub_key_here>
```
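
The two Secret specs above need base64-encoded keys in place of their placeholders. As an added example (not part of the original gist), this script generates the key pairs with ssh-keygen and renders both Secret manifests; the `./keys` directory, the 4096-bit RSA key size, the script name and its `generate` argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the gist. Assumed: ./keys directory, RSA 4096 keys.

# gen_keys DIR: create the three key pairs the Secret specs reference.
gen_keys() {
  kdir=$1
  mkdir -p "$kdir" && chmod 700 "$kdir" || return 1
  for k in tsa_host_key worker_key session_signing_key; do
    # -m PEM keeps the classic PEM private-key encoding on newer OpenSSH
    # releases, whose default is the OpenSSH-specific format.
    [ -f "$kdir/$k" ] || ssh-keygen -q -t rsa -b 4096 -m PEM -N '' -f "$kdir/$k" || return 1
  done
  # The web node authorizes workers by their public key.
  cp "$kdir/worker_key.pub" "$kdir/authorized_worker_keys"
}

# render_secret NAME DIR FILE...: print an Opaque Secret whose data keys are
# the file names, so they are mounted under /concourse-keys with those names.
render_secret() {
  sname=$1; sdir=$2; shift 2
  # Check every input first so a missing key never yields a partial manifest.
  for f in "$@"; do
    [ -r "$sdir/$f" ] || { echo "missing key file: $sdir/$f" >&2; return 1; }
  done
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$sname"
  printf '  namespace: concourse\ntype: Opaque\ndata:\n'
  for f in "$@"; do
    # GNU base64 wraps long output; a Secret value must be a single line.
    printf '  %s: %s\n' "$f" "$(base64 < "$sdir/$f" | tr -d '\n')"
  done
}

# Run as: sh make-secrets.sh generate   (script name is hypothetical)
if [ "${1:-}" = "generate" ]; then
  umask 077   # the manifests hold private keys: owner-only, keep out of git
  gen_keys ./keys || exit 1
  render_secret concourse-web-secrets ./keys authorized_worker_keys \
    session_signing_key session_signing_key.pub tsa_host_key tsa_host_key.pub \
    > concourse-web-secrets.yml || exit 1
  render_secret concourse-worker-secrets ./keys tsa_host_key.pub \
    worker_key worker_key.pub > concourse-worker-secrets.yml || exit 1
fi
```

`kubectl create secret generic <name> --from-file=<key file> --namespace concourse` builds the same Secret straight from the key files, which avoids writing private keys into a manifest at all.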